Symantec readies “Big Brother” database security monitor

Symantec is currently testing a new database security appliance that sits on …

Symantec, maker of the popular Norton Anti-Virus suite of security products, has developed a new database security appliance that is designed to monitor database transactions. The device, essentially a pre-configured server in a small form factor case, has all the network security features of the company's existing 7100 Series of network security appliances, but features additional software developed by Symantec's research and development group. The software monitors all database queries and flags any that are deemed "suspicious" or inappropriate, then sends an immediate message to the network administrator. The software does not attempt to shut down the queries or prevent the sender from initiating further requests, although Symantec has not yet ruled out the idea of an automatic response to potential threats.

The product prototype currently runs on a standard Dell PowerEdge 1850 server running Linux, but the final product will likely be a self-contained unit.

Database security appliances of this type are not a new idea. Companies such as Imperva are currently selling similar types of servers. However, this move represents the first time a mainstream PC security company has decided to enter this market. Demand for such tools has increased recently, fueled by new laws such as the Sarbanes-Oxley Act and California's new SB 1386 bill, which requires companies to notify customers after security breaches.

Symantec group product manager Gerry Egan spoke about the possible uses of the new device:

We're providing Big Brother in a box, if you like, to just keep a gentle eye on people. And if people deviate from their normal patterns, we can flag that. Our product particularly comes into play where there are valid or authorized users of the database who now start to abuse the privilege. The product could be used to detect employee or partner fraud, or to warn database administrators (DBAs) when their applications appear to be acting in a malicious manner.

The use of the term "Big Brother" has traditionally raised flags about privacy and oppressive use of confidential information, but in today's more paranoid world it apparently can be used as marketing material as well. Nevertheless, devices such as Symantec's new database appliance underscore the need for more and varied means of securing networks. Will the future of digital security be filled with products that snoop and spy on network usage patterns?